According to the EU general data protection regulation 2016/679 (hereinafter "GDPR"), the personal data provided will be used as automated tools for the web services management offered by this website (hereinafter, Covid-19 Litigation website) run by the University of Trento (hereinafter, University), within the institutional purposes of the Covid-19 Litigation Project, co-financed by the World Health Organization.
According to the referred legislation, the processing of data is inspired by principles of correctness, lawfulness, transparency, relevance and non surplus and by the protection of rights and privacy of the persons involved.
Processing data’s purposes
The University informs that personal data are processed within the Covid-19 Litigation Project institutional purposes, especially for what concern the web services management offered by the Covid-19 Litigation's website.
Kind of processed data
The information systems and software procedures relied upon to operate this web site acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols. Such information is not collected in order to relate it to identified data subjects, however it might allow user identification per se after being processed and matched with data held by third parties. These data are only used to extract anonymous statistical information on website use as well as to check its functioning, and they will be retained for no longer than necessary to processing data. The data might be used to establish liability in case computer crimes are committed against the website.
This data category includes: IP addresses and/or the domain names of the computers used by any user connecting with this web site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests, the method used for submitting a given request to the server, returned file size, a numerical code relating to server response status (successfully performed, error, etc.), and other parameters related to the user's operating system and computer environment.
Data voluntarily provided by the user
This website provides some contact and registration forms which allow the user to provide some Personal Data, such as first and last name, email address, nationality, professional role and affiliation. The sending of personal data, including email address, which is done on a freely chosen basis, explicit, and voluntary option, entails the acquisition of the same data only in order to satisfy user’s requests and to manage the purposes of this webiste.
Personal data is processed with automated means for no longer than necessary in order to achieve the purposes for which it has been collected. Specific security measures are implemented to prevent data from being lost, used unlawfully and/or inappropriately, and accessed without authorisation.
Nature of data transmission
Subject to the specifications made with regard to navigation data, users are free to provide the personal data requested by web service’s form of the website. Failure to provide such data may entail the failure to be provided with the items requested. Recording and sending his/her own personal data entail expression of consent to process data provided for the indicated purposes.
Data controller and data processor of personal data
The data controller is the University of Trento, via Calepina 14, 38122 Trento (TN), Italy.
The University's Data Protection Officer (DPO) can be contacted at the following e-mail address: firstname.lastname@example.org
Data subject’s rights
Data subjects are entitled at any time to exercise the rights guaranteed by the GDPR, that are:
- The right to obtain confirmation of the existence of personal data concerning them, whether not registered yet, and their intelligible communication;
- The right to be informed about a) the source of personal data, b) the purposes and methods of the processing, c) methods applied in case of processing data helped by electronic tools, d) identification data of the data controller and, in case, of data processor, e) subjects or categories of subjects that may receive the communication of personal data or that may learn about them as appointed representative in the State, or as data processors or as persons tasked with processing;
- Right to obtain a) data’s updating, rectification or, if interested, integration b) erasure, anonymization, or blocking of any data processed in breach of the law, including those which retention is unnecessary according to the purposes for which data have been collected or later processed, c) the certification that the operation referred to let. a) and b) have been communicated, including his contents, to those to whom data have been disseminated. These fulfillments will not be made if impossible, or if it entails a disproportionate use of means compared to the protected right.
- The right to object, in whole or in part, on legitimate grounds, to the processing of data.
To exercise the rights guaranteed by the GDPR it is possible to send a specific request to email@example.com
Main definitions in the field of protection of personal data
- Personal data
- Any information concerning a natural person, identified or that can be identified, even indirectly, using any other information, included a personal identification number.
- Any operation or complex of operations, even if realised without the help of electronic tools, that concern collection, recording, organisation, keeping, interrogation, elaboration, modification, selection, retrieval, comparison, utilisation, interconnection, block, communication, dissemination, erasure and destruction of data, whether not registered on a database.
- Data controller
- Natural or legal person, the public administration or any other institution, organisation or body who is empowered to take decisions on the purposes and on the procedures of processing of the personal data and the used tools, including the security profile.
- Data processor
- Natural person, legal person, the public administration or any other institution, organisation or body entrusted to the data processing by the data controller of the personal data. Person tasked with processing: the natural person authorised to make process operations on personal data.
- Data subject
- Natural person that is the subject of the personal data.